
"The exploited bug, tracked as CVE-2025-64328 (CVSS score of 8.6) and patched in November 2025, impacts the filestore module of the endpoint manager's administrative interface. Described as a post-authentication command injection issue, the flaw allows an attacker logged in as any user with access to the interface to execute arbitrary shell commands on the underlying host and gain remote access to the system."
"Last month, Fortinet revealed that a hacking group tracked as INJ3CTOR3 had been exploiting CVE-2025-64328 for over a month to deploy a web shell called EncystPHP. The web shell provides the attackers with remote command execution, persistent access, and web shell deployment capabilities."
"Now, non-profit organization The Shadowserver Foundation says that approximately 900 FreePBX instances remain compromised and are running web shells. The endpoint manager deployments were likely compromised via CVE-2025-64328, it notes. Most of the compromised instances (roughly 400) are in the US, data from The Shadowserver Foundation shows."
Sangoma FreePBX, a widely deployed open-source management tool for Asterisk-based IP telephone systems, has been targeted in ongoing attacks exploiting CVE-2025-64328, a command injection vulnerability in the filestore module of the endpoint manager's administrative interface. The flaw, with a CVSS score of 8.6, allows authenticated users to execute arbitrary shell commands and gain remote system access. The hacking group INJ3CTOR3 has been exploiting this vulnerability since December 2025 to deploy EncystPHP web shells, providing remote command execution and persistent access. Approximately 900 FreePBX instances remain compromised, with roughly 400 located in the United States and others distributed across Brazil, Canada, Germany, France, the UK, Italy, and the Netherlands. CISA added the vulnerability to its Known Exploited Vulnerabilities list.
#freepbx-security #cve-2025-64328 #web-shell-attacks #inj3ctor3-threat-group #command-injection-vulnerability
Read at SecurityWeek